from the total-information-privacy-breach dept

The arguments are still ongoing concerning whether or not Congress will reauthorize the FISA Amendments Act, which has enabled -- via a secret interpretation of the law, that even many members of Congress are not told about -- law enforcement to collect huge chunks of private info on Americans with no oversight or warrants. However, in a move that should raise significant concerns about allowing such widespread trolling of private info, a report in the Wall Street Journal by Julia Angwin uncovered that the Obama administration quietly changed the rules back in March concerning the National Counterterrorism Center -- allowing it to retain a giant database of information on innocent Americans. This was done over the objections of many in the administration, including the "Chief Privacy Officer" for the Department of Homeland Security.

The National Counterterrorism Center (NCTC) is where all intelligence agencies were told to send their leads, after it was determined that there was an intelligence failure that allowed the so-called underwear bomber, Umar Farouk Abdulmutallab, to get on a plane a few years ago. Then came some interagency squabbling over information:

Unfortunately, NCTC didn't have the resources to "exhaustively" pursue the torrent of leads it began receiving. So it fell behind. Late last year, after Homeland Security had given NCTC a database on condition that it purge the names of all innocent persons within 30 days, things came to a head. Homeland Security eventually revoked NCTC's access to the data and NCTC decided it needed to operate under different rules. In particular, it wanted unlimited access to all government agency information for as long as it needed it, including both suspects and non-suspects alike. In March, after discussion at the White House, Eric Holder granted their request.

In a separate blog post, Angwin breaks down the specific rule changes from the 2008 document to the 2012 document. They detail just how a system that was initially limited to protect privacy has now turned into the exact opposite of that. Among the rule changes: it used to require a focus on terrorism information. No longer. And then there are the following two changes:

Dropping the requirement to remove innocent U.S. person information. The 2008 guidelines required NCTC to remove US person information that is “not reasonably believed to be terrorism information.” In 2012, the guidelines were updated to allow NCTC to keep U.S. person information for “up to five years” and to “continually assess” the information to determine whether it constitutes terrorism information.

Adding the ability to do “pattern-based queries” of entire datasets. The 2008 guidelines explicitly prohibit analysts from conducting “pattern-based” queries that are not based on known terrorism datapoints. The 2012 guidelines explicitly allow pattern-based queries that are not based on known terrorism data points. Pattern-based queries are still prohibited for databases that NCTC has not copied in its entirety.

Or, as the original article noted:

Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited.

This all comes out almost exactly a decade after it was revealed that the feds were planning a "Total Information Awareness" program to troll through all of its databases to try to hunt down evidence of terrorism at work. That resulted in widespread public backlash and an eventual backing down from the program. This time around, since the whole thing was debated outside of the public eye (and they didn't given it an Orwellian name -- or an equally creepy logo), apparently it's just fine.

But, if you actually believe in things like basic civil liberties, the 4th Amendment and a right to privacy, this is all downright scary. It's the type of stuff that we're told over and over again the US government isn't supposed to do. And then it goes and does it anyway.